local-llm
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the official Ollama domain (ollama.com).
- [REMOTE_CODE_EXECUTION]: The official Ollama installation script is executed by piping its content directly to the shell.
- [COMMAND_EXECUTION]: Administrative privileges are requested via
sudoto enable and start systemd services for the local LLM backend. - [PROMPT_INJECTION]: The skill implements a
process_commandfunction that processes untrusteduser_inputto execute Home Assistant service calls. - [PROMPT_INJECTION]: Ingestion points: The
user_inputparameter in theprocess_commandfunction withinSKILL.md. - [PROMPT_INJECTION]: Boundary markers: Absent; user input is included in chat messages without delimiters or 'ignore embedded instructions' warnings.
- [PROMPT_INJECTION]: Capability inventory: The skill uses
hass.services.async_callto perform actions on lights, switches, and other home entities. - [PROMPT_INJECTION]: Sanitization: The function uses regex and JSON parsing to extract actions but does not validate the requested services or target entities against a whitelist.
Recommendations
- HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
Audit Metadata